This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
debugging [2019/10/25 04:22] Denis Kenzior |
debugging [2020/10/21 16:28] Andrew Zaborowski Syntax highlighting |
||
---|---|---|---|
Line 5: | Line 5: | ||
By default, iwd suppresses all debug output. However, sometimes it is advantageous to enable this and can be easily accomplished by passing the '-d' command line option when starting iwd, as follows: | By default, iwd suppresses all debug output. However, sometimes it is advantageous to enable this and can be easily accomplished by passing the '-d' command line option when starting iwd, as follows: | ||
- | <code> | + | <code bash> |
denkenz@iwd-test ~ $ sudo iwd -d | denkenz@iwd-test ~ $ sudo iwd -d | ||
</code> | </code> | ||
Line 11: | Line 11: | ||
One can also selectively enable debug output if only a certain subset of debug messages are interesting. This is done by passing a filter (glob match rules apply) after the -d commannd line option, as follows: | One can also selectively enable debug output if only a certain subset of debug messages are interesting. This is done by passing a filter (glob match rules apply) after the -d commannd line option, as follows: | ||
- | <code> | + | <code bash> |
denkenz@iwd-test ~ $ sudo iwd -d'station*' | denkenz@iwd-test ~ $ sudo iwd -d'station*' | ||
</code> | </code> | ||
Line 17: | Line 17: | ||
The above would only print debug messages from the station module. | The above would only print debug messages from the station module. | ||
+ | Sometimes users or developers will want to share debug logs with other developers to help in debugging. Some, who considered the SSIDs or MAC addresses (BSSIDs) in their debug logs sensitive, have used the following commands to filter the logs. IWD will eventually support doing this internally. | ||
+ | |||
+ | <code bash> | ||
+ | $ sed -E "s/([0-9a-fA-F]{2}:?){6}/11:22:33:44:55:66/" iwd.log | sed -e "s/SSID:\ .*, f/SSID: xxx f/" | sed 's/Added new Network .* security/Added new Network "xxx" security/' | ||
+ | </code> | ||
==== Enabling TLS Debugging ==== | ==== Enabling TLS Debugging ==== | ||
If you are having issues with WPA-Enterprise authentication methods based on TLS (e.g. EAP-TLS, EAP-TTLS, EAP-PEAP) then you can also enable much more verbose TLS debug output by setting the IWD_TLS_DEBUG environment variable. For example: | If you are having issues with WPA-Enterprise authentication methods based on TLS (e.g. EAP-TLS, EAP-TTLS, EAP-PEAP) then you can also enable much more verbose TLS debug output by setting the IWD_TLS_DEBUG environment variable. For example: | ||
- | <code> | + | <code bash> |
denkenz@iwd-test ~ $ export IWD_TLS_DEBUG=1 | denkenz@iwd-test ~ $ export IWD_TLS_DEBUG=1 | ||
denkenz@iwd-test ~ $ sudo iwd -d | denkenz@iwd-test ~ $ sudo iwd -d | ||
Line 30: | Line 35: | ||
One can also spy on the netlink (NL80211) between iwd and the kernel using the 'iwmon' utility. To start it, simply issue the iwmon command as root prior to starting iwd, as follows: | One can also spy on the netlink (NL80211) between iwd and the kernel using the 'iwmon' utility. To start it, simply issue the iwmon command as root prior to starting iwd, as follows: | ||
- | <code> | + | <code bash> |
denkenz@iwd-test ~ $ sudo iwmon | denkenz@iwd-test ~ $ sudo iwmon | ||
</code> | </code> | ||
Line 36: | Line 41: | ||
The above command will start iwmon and will dump out (to stdout) all NL80211, RTNL and EAPoL traffic ongoing between the kernel and iwd. If you're not interested in the contents of certain messages, you can filter these with iwmon command line options. For example, if you're trying to debug WPA-Enterprise authentication issues, then you can issue the following command to filter RTNL, scanning and wiphy capability related messages: | The above command will start iwmon and will dump out (to stdout) all NL80211, RTNL and EAPoL traffic ongoing between the kernel and iwd. If you're not interested in the contents of certain messages, you can filter these with iwmon command line options. For example, if you're trying to debug WPA-Enterprise authentication issues, then you can issue the following command to filter RTNL, scanning and wiphy capability related messages: | ||
- | <code> | + | <code bash> |
denkenz@iwd-test ~ $ sudo iwmon --nortnl --nowiphy --noscan | denkenz@iwd-test ~ $ sudo iwmon --nortnl --nowiphy --noscan | ||
</code> | </code> | ||
Line 42: | Line 47: | ||
One can also have iwmon save all packets in PCAP format for later examination (e.g. in wireshark) as follows: | One can also have iwmon save all packets in PCAP format for later examination (e.g. in wireshark) as follows: | ||
- | <code> | + | <code bash> |
denkenz@iwd-test ~ $ sudo iwmon --write /path/to/file.pcap | denkenz@iwd-test ~ $ sudo iwmon --write /path/to/file.pcap | ||
</code> | </code> | ||
+ | |||
+ | ==== Debug environment variables summary ==== | ||
+ | |||
+ | Here are the environment variables you can set to enable specific debug output in addition to the ''-d'' switch. | ||
+ | |||
+ | ^ ^ ^ | ||
+ | | ''IWD_TLS_DEBUG'' | Debug output for TLS tunnels used by EAP methods | | ||
+ | | ''IWD_GENL_DEBUG'' | Debug output for Generic Netlink communication with the kernel | | ||
+ | | ''IWD_RTNL_DEBUG'' | Debug output for Route Netlink communication with the kernel | | ||
+ | | ''IWD_DHCP_DEBUG'' | Debug output for the internal DHCP client | | ||
+ | | ''IWD_WSC_DEBUG_KEYS'' | (requires ''-d'') Print out credentials obtained through WSC | |